Amazon Confirms Limited Data Breach Affecting Employee Contact Information

Amazon Confirms Employee Data Breach

Amazon has confirmed that a data breach exposed sensitive information such as email addresses, phone numbers, and building locations linked to its employees. This incident was first reported by 404 Media and has raised concerns regarding the security practices of third-party vendors.

What Happened?

According to a statement from Adam Montgomery, an Amazon spokesperson, the company was notified about a security event involving one of its property management vendors that affected multiple clients, including Amazon itself.

Details of the Breach

The cybercrime analysis firm Hudson Rock reported that data posted on a hacking forum included information from Amazon along with 25 other companies, including MetLife, HP, HSBC, and Canada Post. The leaked data reportedly dates back to May 2023, following a significant security vulnerability in the MOVEit file transfer system.

Extent of the Data Leaked

Hudson Rock indicated that the breach not only impacted Amazon but also named several other significant organizations, such as the BBC, British Airways, and even the US Department of Energy. The individual who posted the information claimed it represents only a minor portion of the data they have in their possession.

Amazon's Response

Despite this issue, Montgomery confirmed that both Amazon and AWS systems remain secure and stated that they have not experienced a broader security event. He emphasized that the data breach involved only employee work contact information—specifically, work email addresses, desk phone numbers, and building locations.

Scope of Affected Employees

While the exact number of employees affected by the breach remains undetermined, a screenshot from the hacking forum suggests that over 2.8 million lines could be part of the alleged Amazon dataset. Montgomery clarified that no sensitive personal information, such as social security numbers, government identity documents, or financial data, was compromised in this incident.

Conclusion

This breach serves as a reminder of the importance of securing third-party vendor systems, as they can often become weak links in the security chain. Amazon continues to monitor the situation closely and has not reported any further security incidents.

Call to Action

As a precaution, it’s essential for employees of any organization to stay vigilant about their online security and adjust their passwords regularly. For organizations, a thorough review of security protocols and vendor management is imperative to mitigate such risks in the future.